package com.github.veithen.maven.hermetic;

import java.io.File;
import java.io.FileOutputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.SocketPermission;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecution;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.DefaultProjectBuildingRequest;
import org.apache.maven.project.MavenProject;
import org.apache.maven.shared.transfer.artifact.DefaultArtifactCoordinate;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResolver;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResolverException;

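/**
 * Generates a Java security policy file for the test JVM and wires it into a project property
 * (by default {@code argLine}) together with the hermetic security manager.
 *
 * <p>The generated policy grants file access to the JDK, the Maven installation, the local
 * repository, the project directory, the build and temp directories, and lets tests talk to
 * {@code localhost} only. Two switches widen the sandbox and should stay off unless a build
 * really needs them:
 *
 * <ul>
 *   <li>{@code allowExec} grants {@code execute} on {@code <<ALL FILES>>}, i.e. tests may launch
 *       any program on the machine.</li>
 *   <li>{@code allowCrossProjectAccess} moves the project grant up to the topmost ancestor
 *       directory that contains a {@code pom.xml}.</li>
 * </ul>
 *
 * <p>The enforcement relies on {@code -Djava.security.manager}. The Security Manager has been
 * deprecated for removal since Java 17 (JEP 411) and can no longer be enabled as of JDK 24
 * (JEP 486), so the sandbox only takes effect on JVMs that still support it.
 */
@Mojo(name = "generate-policy", defaultPhase = LifecyclePhase.GENERATE_TEST_RESOURCES, threadSafe = true)
public final class GeneratePolicyMojo extends AbstractMojo {

    @Parameter(property = "project", readonly = true, required = true)
    private MavenProject project;

    @Parameter(property = "session", readonly = true, required = true)
    private MavenSession session;

    @Parameter(property = "mojoExecution", readonly = true, required = true)
    protected MojoExecution mojoExecution;

    @Component
    private ArtifactResolver resolver;

    /** Location of the generated policy file. */
    @Parameter(defaultValue = "${project.build.directory}/test.policy", required = true)
    private File outputFile;

    @Parameter(defaultValue = "${project.build.directory}/secmgr.jar", readonly = true, required = true)
    private File securityManagerJarFile;

    /** Skips policy generation entirely when set. */
    @Parameter(defaultValue = "false", required = true)
    private boolean skip;

    /** Adds {@code -Djava.security.debug=access,failure} to the generated JVM arguments. */
    @Parameter(defaultValue = "false", required = true)
    private boolean debug;

    /** Grants {@code execute} on every file; this lets tests start arbitrary processes. */
    @Parameter(defaultValue = "false", required = true)
    private boolean allowExec;

    /** Widens the project grant to the topmost ancestor directory containing a pom.xml. */
    @Parameter(defaultValue = "false", required = true)
    private boolean allowCrossProjectAccess;

    /** Name of the project property that receives the generated JVM arguments. */
    @Parameter(defaultValue = "argLine", required = true)
    private String property;

    /** Whether to keep an existing value of {@link #property} and append to it. */
    @Parameter(defaultValue = "true", required = true)
    private boolean append;

    /**
     * Returns the JDK home directory: the parent of {@code java.home} when that directory is
     * named {@code jre}, otherwise {@code java.home} itself.
     */
    private static File getJavaHome() {
        File javaHome = new File(System.getProperty("java.home"));
        return javaHome.getName().equals("jre") ? javaHome.getParentFile() : javaHome;
    }

    /**
     * Tells whether {@code file2} is {@code file} itself or lies below it.
     *
     * <p>The comparison is purely lexical ({@link File#equals(Object)} on each parent); paths are
     * not canonicalized, so symlinks and {@code ..} segments are not resolved.
     */
    private static boolean isDescendant(File file, File file2) {
        for (File current = file2; current != null; current = current.getParentFile()) {
            if (current.equals(file)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the policy file, resolves the security manager JAR and stores the resulting JVM
     * arguments in the configured project property.
     *
     * @throws MojoFailureException if the policy file cannot be written or the security manager
     *     artifact cannot be resolved
     */
    @Override
    public void execute() throws MojoExecutionException, MojoFailureException {
        if (this.skip || this.project.getPackaging().equals("pom")) {
            return;
        }
        File readableRoot = resolveReadableRoot();

        // The result of mkdirs() is deliberately not checked: if the directory is missing,
        // opening the policy file below fails with an IOException that is reported properly.
        File policyDir = this.outputFile.getParentFile();
        if (policyDir != null) {
            policyDir.mkdirs();
        }

        // try-with-resources guarantees the policy file is closed even when writing fails.
        try (OutputStreamWriter out =
                new OutputStreamWriter(new FileOutputStream(this.outputFile), StandardCharsets.UTF_8)) {
            writePolicy(new PolicyWriter(out), readableRoot);
        } catch (IOException e) {
            throw new MojoFailureException(String.format("Failed to write %s", this.outputFile), e);
        }

        File securityManagerJar = resolveSecurityManagerJar();
        Properties properties = this.project.getProperties();
        String existing = this.append ? properties.getProperty(this.property) : null;
        String jvmArguments = buildJvmArguments(securityManagerJar, existing);
        properties.setProperty(this.property, jvmArguments);
        getLog().info(String.format("%s set to %s", this.property, jvmArguments));
    }

    /**
     * Determines the directory that the policy grants as "the project".
     *
     * <p>Normally this is the project base directory. With {@code allowCrossProjectAccess} every
     * ancestor up to the filesystem root is inspected and the topmost one containing a
     * {@code pom.xml} wins, even if directories in between have none. A stray {@code pom.xml}
     * high up in the tree therefore widens the grant accordingly.
     */
    private File resolveReadableRoot() {
        File root = this.project.getBasedir();
        if (this.allowCrossProjectAccess) {
            for (File ancestor = root.getParentFile(); ancestor != null; ancestor = ancestor.getParentFile()) {
                if (new File(ancestor, "pom.xml").exists()) {
                    root = ancestor;
                }
            }
        }
        return root;
    }

    /**
     * Emits all grants of the test policy.
     *
     * <p>NOTE(review): the {@code int} and {@code boolean} arguments of
     * {@code generateDirPermissions} are defined by {@code PolicyWriter}, which is not part of
     * this file; the boolean presumably enables write access (it is only {@code true} for the
     * build and temp directories) -- confirm against PolicyWriter.
     */
    private void writePolicy(PolicyWriter policyWriter, File readableRoot) throws IOException {
        policyWriter.start();

        File javaHome = getJavaHome();
        policyWriter.generateDirPermissions(javaHome, Integer.MAX_VALUE, false);

        // java.ext.dirs no longer exists on Java 9+, hence the null check. Extension
        // directories inside the JDK home are already covered by the grant above.
        String extDirsProperty = System.getProperty("java.ext.dirs");
        if (extDirsProperty != null) {
            List<File> extDirs = Stream.of(extDirsProperty.split(Pattern.quote(File.pathSeparator)))
                    .map(File::new)
                    .filter(dir -> !isDescendant(javaHome, dir))
                    .collect(Collectors.toList());
            for (File extDir : extDirs) {
                policyWriter.generateDirPermissions(extDir, 1, false);
            }
        }

        policyWriter.generateDirPermissions(new File(System.getProperty("maven.home")), 0, false);
        policyWriter.generateDirPermissions(new File(this.session.getSettings().getLocalRepository()), 0, false);
        policyWriter.generateDirPermissions(readableRoot, 0, false);

        // Skipping a missing toolchains file only makes the policy stricter.
        File toolchainsFile = this.session.getRequest().getUserToolchainsFile();
        if (toolchainsFile != null) {
            policyWriter.writePermission(new FilePermission(toolchainsFile.getAbsolutePath(), "read"));
        }

        // Artifacts of all reactor projects must be readable because they can end up on the
        // test class path. Artifacts without a file (not built yet) get no grant.
        for (MavenProject reactorProject : this.session.getProjects()) {
            File mainArtifact = reactorProject.getArtifact().getFile();
            if (mainArtifact != null) {
                policyWriter.writePermission(new FilePermission(mainArtifact.getAbsolutePath(), "read"));
            }
            for (Artifact attached : reactorProject.getAttachedArtifacts()) {
                File attachedFile = attached.getFile();
                if (attachedFile != null) {
                    policyWriter.writePermission(new FilePermission(attachedFile.getAbsolutePath(), "read"));
                }
            }
        }

        String[] scratchDirs = {this.project.getBuild().getDirectory(), System.getProperty("java.io.tmpdir")};
        for (String scratchDir : scratchDirs) {
            policyWriter.generateDirPermissions(new File(scratchDir), 0, true);
        }

        // A plain path (no "/*" or "/-" suffix) covers the home directory entry itself,
        // not the files inside it.
        policyWriter.writePermission(new FilePermission(System.getProperty("user.home"), "read"));

        // Network access is limited to the local host; no port range means all ports.
        policyWriter.writePermission(new SocketPermission("localhost", "connect,listen,accept,resolve"));

        if (this.allowExec) {
            // Broadest grant in the policy: any executable on the machine may be started,
            // and child processes are not subject to this JVM's policy.
            policyWriter.writePermission(new FilePermission("<<ALL FILES>>", "execute"));
        }
        policyWriter.end();
    }

    /**
     * Resolves the {@code hermetic-security-manager} JAR from the plugin repositories.
     *
     * @throws MojoFailureException if the artifact cannot be resolved
     */
    private File resolveSecurityManagerJar() throws MojoFailureException {
        DefaultArtifactCoordinate coordinate = new DefaultArtifactCoordinate();
        coordinate.setGroupId("com.github.veithen");
        coordinate.setArtifactId("hermetic-security-manager");
        coordinate.setVersion("1.0.0");
        coordinate.setExtension("jar");
        try {
            DefaultProjectBuildingRequest request =
                    new DefaultProjectBuildingRequest(this.session.getProjectBuildingRequest());
            request.setRemoteRepositories(this.project.getPluginArtifactRepositories());
            return this.resolver.resolveArtifact(request, coordinate).getArtifact().getFile();
        } catch (ArtifactResolverException e) {
            throw new MojoFailureException("Unable to resolve artifact", e);
        }
    }

    /**
     * Builds the JVM argument string that activates the security manager and the policy.
     *
     * @param securityManagerJar JAR appended to the boot class path
     * @param existingValue previous value of the target property to keep in front, or
     *     {@code null} for none
     */
    private String buildJvmArguments(File securityManagerJar, String existingValue) {
        StringBuilder arguments = new StringBuilder();
        if (existingValue != null) {
            arguments.append(existingValue).append(" ");
        }
        // NOTE(review): neither path is quoted, so a local repository or build directory
        // containing spaces would split into several JVM arguments -- confirm how the
        // consumer of this property tokenizes it before adding quoting.
        arguments.append("-Xbootclasspath/a:").append(securityManagerJar.toString());
        arguments.append(" -Djava.security.manager=com.github.veithen.hermetic.HermeticSecurityManager");
        // The double '=' makes the JVM use only this policy file instead of adding it to the
        // default policy files, so grants from the user or system policy do not leak in.
        arguments.append(" -Djava.security.policy==");
        arguments.append(this.outputFile.getAbsolutePath().replace('\\', '/'));
        if (this.debug) {
            arguments.append(" -Djava.security.debug=access,failure");
        }
        return arguments.toString();
    }
}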
